Bug#857699: ioquake3 has a security vulnerability

Simon McVittie smcv at debian.org
Tue Mar 14 08:30:36 UTC 2017


Control: tags 857699 + security
Control: clone 857699 -2 -3
Control: reassign -2 iortcw 1.42b+20150930+dfsg1-1
Control: reassign -3 openjk 0~20150430+dfsg1-1

On Tue, 14 Mar 2017 at 04:59:15 +0100, Daniel Gibson wrote:
> earlier today ioquake3 fixed a vulnerability that, as far as I understand,
> could let malicious multiplayer servers execute code on connecting clients.

Thanks for reporting, I'll fix this ASAP.

Looks like I need to teach ioquake3 upstream about coordinated
disclosure, or remind them that their game is in distributions.

> It affects all prior versions of ioquake3 (and I think also original Quake
> 3).
> Details: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/

cc'ing security team for information. No CVE ID yet, I assume ioquake3
upstream will be requesting one (or if not I will).

    S


